Fortinet white logo
Fortinet white logo

CLI Reference

config user external-identity-provider

config user external-identity-provider

Configure external identity provider.

config user external-identity-provider
    Description: Configure external identity provider.
    edit <name>
        set group-attr-name {string}
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set port {integer}
        set server-identity-check [disable|enable]
        set source-ip {string}
        set timeout {integer}
        set type {option}
        set url {string}
        set user-attr-name {string}
        set version [v1.0|beta]
    next
end

config user external-identity-provider

Parameter

Description

Type

Size

Default

group-attr-name

Group attribute name in authentication query.

string

Maximum length: 63

id

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

name

External identity provider name.

string

Maximum length: 35

port

External identity provider service port number.

integer

Minimum value: 0 Maximum value: 65535

0

server-identity-check

Enable/disable server's identity check against its certificate and subject alternative name(s).

option

-

enable

Option

Description

disable

Do not check server's identity against its certificate and subject alternative name(s).

enable

Check server's identity against its certificate and subject alternative name(s).

source-ip

Use this IPv4/v6 address to connect to the external identity provider.

string

Maximum length: 63

timeout

Connection timeout value in seconds.

integer

Minimum value: 1 Maximum value: 60

5

type

External identity provider type.

option

-

Option

Description

ms-graph

Microsoft Graph server.

url

External identity provider URL (e.g. "https://example.com:8080/api/v1"). Read-only.

string

Maximum length: 127

user-attr-name

User attribute name in authentication query.

string

Maximum length: 63

userPrincipalName

version

External identity API version.

option

-

Option

Description

v1.0

MS Graph REST API v1.0.

beta

MS Graph REST API beta (debug build only).

config user external-identity-provider

config user external-identity-provider

Configure external identity provider.

config user external-identity-provider
    Description: Configure external identity provider.
    edit <name>
        set group-attr-name {string}
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set port {integer}
        set server-identity-check [disable|enable]
        set source-ip {string}
        set timeout {integer}
        set type {option}
        set url {string}
        set user-attr-name {string}
        set version [v1.0|beta]
    next
end

config user external-identity-provider

Parameter

Description

Type

Size

Default

group-attr-name

Group attribute name in authentication query.

string

Maximum length: 63

id

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

name

External identity provider name.

string

Maximum length: 35

port

External identity provider service port number.

integer

Minimum value: 0 Maximum value: 65535

0

server-identity-check

Enable/disable server's identity check against its certificate and subject alternative name(s).

option

-

enable

Option

Description

disable

Do not check server's identity against its certificate and subject alternative name(s).

enable

Check server's identity against its certificate and subject alternative name(s).

source-ip

Use this IPv4/v6 address to connect to the external identity provider.

string

Maximum length: 63

timeout

Connection timeout value in seconds.

integer

Minimum value: 1 Maximum value: 60

5

type

External identity provider type.

option

-

Option

Description

ms-graph

Microsoft Graph server.

url

External identity provider URL (e.g. "https://example.com:8080/api/v1"). Read-only.

string

Maximum length: 127

user-attr-name

User attribute name in authentication query.

string

Maximum length: 63

userPrincipalName

version

External identity API version.

option

-

Option

Description

v1.0

MS Graph REST API v1.0.

beta

MS Graph REST API beta (debug build only).